* Posts by Sitaram Chamarty

182 posts • joined 30 Aug 2008

Page:

India extends deadline for compliance with infosec logging rules by 90 days

Sitaram Chamarty

fax

would be so cool if everyone used fax

(reports printed in the wingdings font only please!)

It's time to kick China off social media, says tech governance expert

Sitaram Chamarty

> by any chance?

by *every* chance!

Open-source leaders' reputations as jerks is undeserved

Sitaram Chamarty

Re: rude maintainers

if it is Qmail they're talking about, DJB is much more well known now for ChaCha/Salsa stream ciphers, Poly1305 MAC, and the Ed25519 replacements for EdDSA. They're pretty much the standard for "NIST/NSA did not have their sticky fingers in this"-cryptography.

Putin threatens supply chains with counter-sanction order

Sitaram Chamarty

Re: You want to play hardball?

speaking of "bunker" reminds me...

I wonder if there's a Downfall parody of this situation (you know, the one with Hitler ranting) already

Cloudflare stomps huge DDoS attack on crypto platform

Sitaram Chamarty

Re: used to surface Decentralized Finance projects to potential investors

I think it's closer to "expose", thinking back to every time I heard that word in various contexts

Putin reaches for nuclear option: Zuckerberg banned

Sitaram Chamarty

Re: Well, damn

I'm sure there are some nice tourist-worthy cathedrals in the areas where those guys live.

Google issues third emergency fix for Chrome this year

Sitaram Chamarty

Re: How happy I am

> So you use two browsers that could potentially have insecurities or flaws

"potentially" is better than *definitely*

Barely 3 weeks before this, we had CVE 2022-0609 (https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ -- you don't even need to click it; the URL says it all)

Meta strikes blow against 30% 'App Store tax' by charging 47.5% Metaverse toll

Sitaram Chamarty

Re: Terrific!

I have to admit... I've hated lots of public figures over the years (heck that's half the reason they *exist* right?). But no one, not Bill Gates, not even Steve Ballmer when he was calling Linux a cancer, nor Bezos in his rocket, nor .... [well you get the idea] has ever generated in me the kind of instinctive, visceral, hatred I feel when I see Zuckerburg's picture anywhere.

"A face only a mother could love" has been a standard phrase in literature and humour for decades, but I suspect in this case even that could be a stretch.

Maybe that's just me...

The first step to data privacy is admitting you have a problem, Google

Sitaram Chamarty

meanwhile...

...for those who would like an immediate solution, I suggest installing NetGuard and setting it to block these apps from being able to send/receive data. I recommend setting it to "whitelist" mode, and allowing only the few apps that *you* know absolutely need network access.

NetGuard is open source; you can get it from f-droid also if, like me, you avoid the plague-store.

US warns Chinese chipmakers: Sell to Russia, suffer Huawei's fate

Sitaram Chamarty

> How is that not "dictating anyone's policy but their own"?

because "suffer Huawei's fate" should actually be read "we won't do business with you", so it is still within it's bailiwick

you got fooled by a symlink :) (if you're a unix/linux guy you know what I mean, if you're not you have my apologies for a crappy joke!)

India's Reserve Bank deputy governor calls for crypto ban

Sitaram Chamarty

his boss said: "no underlying asset -- not even a tulip"

that tulip snark was absolutely awesome!

that really made my day last week

indeed, these guys get it!

Worried about occasional npm malware scares? It's more common than you may think

Sitaram Chamarty

node/npm -- the new php

I'm one of those ultra cynics who consistently refused to let PHP on any internet facing server back when I was working on, and had a say in, such things.

Today I consider the node ecosystem to be just as bad in terms of the effort required (not just one time but on an ongoing basis) to keep it secure.

And I don't think I'm alone. I've often found comments on reddit and elsewhere, where, if someone posts a new tool in nodejs, will respond with "Uggh, node!" or "Node? No!" or similar. This is especially true for apps which don't really need to be written in JS (i.e. could have been written in any other language), although I cannot say if those comments are also driven by security concerns or just a general dislike of JS.

The dark equation of harm versus good means blockchain’s had its day

Sitaram Chamarty

Re: We know it has no future

you certainly appear to miss it... you need a "-e" somewhere, and I *think* the g needs to be next to the trailing "/" :)

Intel's recent Atom, Celeron, Pentium chips can be lulled into a debug mode, potentially revealing system secrets

Sitaram Chamarty

not quite

No idea about windows but at least on Linux, for a normal desktop/laptop using dm-crypt/LUKS, the FDE key is encrypted by a stretched version of a *user supplied* key.

There's nothing "stored [...] on the motherboard", and what is stored on disk needs to be brute forced in order to be of any use.

Waterfox: A Firefox fork that could teach Mozilla a lesson

Sitaram Chamarty

Re: Forks are a sign of success.

Agree.

I should add that there's nothing wrong with removing core features and pushing them into addons if they're reasonably similar. Reducing core is always a good thing.

Sitaram Chamarty

Re: Agree

> not using systemd in the way he envisioned

Or using any *other* software in the way his latest patches expect.

There was an incident with kernel cmdline (debug flag? don't remember) where Linus had to come down hard on this jackass and his minions, if I recall, because the then-latest systemd prevented something that was working before, but these people tried to claim the other guys need to change.

Yeah that was rambling, but this was some years ago so I don't quite recall the details.

Sitaram Chamarty

Re: Palemoon, check. Seamonkey, check.

> Configuring pulse audio to work with these firefox instances running under sudo wasn't easy

huh! I use a sudo based scheme to setup different firefox instances (one for every site I need a login for, and one for others; currently have 11 such userids)

only one of them needs sound, and it was a simple matter of adding that user to the group "audio"; never had to mess with PA networking

India's Supreme Court starts probe into use of Pegasus spyware

Sitaram Chamarty

indeed...

I read it first in https://indianexpress.com/article/explained/pegasus-snoop-allegations-sc-moved-the-needle-on-privacy-press-freedom-govt-security-alibi-7594235/

I particularly liked phrases like "should not take an adversarial position when the fundamental rights of citizens are at threat", "refused to accept the sweeping use of national security to deny information to the court", and several other bits.

Warmed my heart it did!

Git 2.33 released with new optional merge process likely to become the default: It's 'over 9,000' times faster

Sitaram Chamarty

that sqlite guy

...while no doubt brilliant with sqlite, is completely and utterly wrong about rebase.

why he and his ilk continue to confuse "rebase in your private repo before pushing it up for the world to see" with "rebase a published tree and confuse the heck out of the other developers" I could never understand.

It's like saying there should not be a backspace key on the keyboard.

In Search of Lost Time: GNU Grep 3.7 released with fix for 'extreme performance degradation'

Sitaram Chamarty
Thumb Down

ack? NAK!

I was a great fan of ack once upon a time, till one day I nearly lost data to it.

https://groups.google.com/g/ack-users/c/oa82NsPqhvo/m/Y2f0RTnY5dEJ

when someone else ran into similar problems and asked for documentation on how ack chooses what files to search and what files to ignore, the author's reply was "There's no English that explains how it works". https://groups.google.com/g/ack-users/c/rmRt92zBUlk/m/R6s85VhhDLoJ

Still being a fan (but thinking hard about why), I wrote it up, https://groups.google.com/g/ack-users/c/kdlaASvikFo/m/1ObiGm1L_yUJ and asked the author to include it in the docs somewhere. His response? "In my copious free time".

Sure this was back in 2009, but it still rankles. I have a long memory for open source authors who deal like this with users.

Thunderbird 91 lands: Now native on Apple Silicon, swaps 'master' for 'primary' password, and more

Sitaram Chamarty

meanwhile, over on a work-mandated Xubuntu laptop...

...Evolution + Evolution-EWS work fine. No fee to pay, and I get calendar invites too

Sitaram Chamarty

Re: Primary?

indeed it is. In an earlier thread on some other article I had mentioned that I am an India, El Reg is Brit, and in both countries the head (real, not titular) of the government is... wait for it... the *Prime* Minister :-) Can't get more elitist than "head of country"

NSO Group 'will no longer be responding to inquiries' about misuse of its software

Sitaram Chamarty

I wish...

the NSO chief and/or senior officers had attractive twitter handles.

NPM is Now Providing Malware – or was until recently

Sitaram Chamarty

there's supply chain attacks...

and then there's NPM, which is in a whole class by itself in terms of problems.

At least that's the impression my mind carries, from what I remember of various news items over the years. It's bad enough that I won't install any NPM or Node based software on my primary laptop.

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into

Sitaram Chamarty

ETERNALBLUE jealousy

someone in China is jealous of the NSA and how they found and hoarded ETERNALBLUE!

Quantum Key Distribution: Is it as secure as claimed and what can it offer the enterprise?

Sitaram Chamarty

Re: my "QKD for managers"

good article, but interception is not the only problem. With sufficient hardware resources, Eve can implement a true MITM -- get between them and relay messages back and forth -- because QKD has no *identity* component.

Sitaram Chamarty

my "QKD for managers"

Here's what I say when a "manager" asks me about QKD:

QKD is a popular and well known method of extracting money from gullible people -- whether it is in the form of grants, startup funding, or outright "product" purchase. In keeping with "quantum" principles, the person being diddled out of his money cannot simultaneously also *know* that he's being diddled.

More seriously, here's some excellent reading for anyone thinking QKD is actually useful: https://crypto.stackexchange.com/questions/51311/what-makes-quantum-cryptography-secure/51314#51314

Reserve Bank of India warns against Big Tech's potential to dominate financial services

Sitaram Chamarty

Re: Communist struggle

> I doubt they are particularly concerned about their citizens economic wellbeing.

Let me fix that for you:

"I doubt they are particularly concerned about their citizens wellbeing."

Google tweaks Android Messages app to auto-classify or auto-delete messages

Sitaram Chamarty

Re: One time passwords

That reluctance has nothing to do with google, as the phone provider.

Banks and other such entities would have a much more expensive, and possibly even confusing to many, provisioning workflow if they moved away from SMS.

If you're wondering why TOTP would be confusing, I can only say you're extrapolating from the audience of *this* site.

Also, SMS is not so bad here. There's a rule (law? not sure) that all incoming and outgoing SMSs are blocked for 24 hours on any new SIM activation. Raises the bar quite a bit for SIM jacking attacks.

Pull your Western Digital My Book Live NAS off the internet now if you value your files

Sitaram Chamarty

saved me the trouble...

came here to say I have zero sympathy for people who have TERABYTES of data but no backups...

saw that it's already been said, and much better too!

Will the real IRC please stand up? Freenode’s forest fire leaves ashes – and fresh growth

Sitaram Chamarty

what?

no idea what you're on about man. I've never seen anything remotely like this in various channels. All tech channels though.

The non-tech stuff I suppose is another story, but even then I suspect there are gradations.

What is it with Facebook and screwing democracies? Now calls for Prime Minister Modi to resign censored in India

Sitaram Chamarty

I wish...

I wish I could say that was entirely true.

I mean, I agree it's not religion. The various religious gathering contributed only a little

But it's not caste either. Wealth and power trump caste any day, yet the Chief Minister of Telangana (KCR) and his son (KTR) are covid-positive.

I can only see elections as the primary problem. I'm also basing my opinion on a couple of very recent news items (27th April; 2 days ago):

- https://indianexpress.com/article/india/as-covid-curve-and-deaths-surged-hardly-a-blip-on-election-commission-radar-7290505/

- https://www.deccanchronicle.com/nation/current-affairs/270421/election-commission-should-be-charged-with-murder-madras-hc.html

GitLab latest to ditch 'master' as default initial branch name: It's now simply called 'main'

Sitaram Chamarty

Re: Aargh...

I like to point out that "person" has "son" in it :-)

Sitaram Chamarty

Re: In me yoof...

I believe "taking insult on other people's behalf" is more commonly called "virtue signalling" :-)

India pauses blockchain-powered SMS spam-scrubber after it swallows people's one-time login codes

Sitaram Chamarty

Re: Maybe that explains why they've made such a hash of it....

this place is peppered with comedians!

The wrong guy: Backup outfit Spanning deleted my personal data, claims Cohesity field CTO

Sitaram Chamarty

this guy is a STORAGE EXEC

wow...

unlike some of you guys, I have no sympathy for him. He definitely should know better.

Perl.com theft blamed on social engineering attack: Registrar 'convinced' to alter DNS records by miscreants

Sitaram Chamarty

a few years ago...

maybe 2014, or 2015, or thereabouts, TCS (my employer, Tata Consultancy Services) was "hacked" (1) the same way.

I'm really too lazy to look it up but I think that was also NetSol when that happened.

Looks like they haven't learnt any lessons or modified any of their processes to cover this!

----

(1) "hacked", in quotes because everyone said we got hacked and we had to go around explaining that it was actually the DNS provider that was "hacked"

Splunk junks 'hanging' processes, suggests you don't 'hit' a key: More peaceful words now preferred in docs

Sitaram Chamarty

say primary instead of master?

to avoid elitism?

well, I'm an Indian, El Reg is Brit -- in both countries, our head of government (1) is the *Prime* Minister, not the *Master* Minister.

Can you get more elitist than "the head of the entire country"?

f-ing virtue signalling corporate jackasses...

(1) the real one, not the titular one

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch

Sitaram Chamarty

Re: if I did get one I would probably just delete it sight-unseen

not when "auto-retrieve" is off.

The message has not been retrieved.

Indian Railways suffers unspecified security 'breaches in various IT applications'

Sitaram Chamarty

implications for normal people

Implications for normal people are likely to be

- non-financial data: name, age, train travel history, phone number, email address

- financial data: minimal or not at all (IMO)

It's been ages since I booked a ticket on IRCTC, but purchases in India are almost never of the "merchant knows your credit card number and has to keep it safe" type. Most people use "Net Banking", where the merchant does not know anything. It's somewhat like how the initial authentication flow of OAuth works -- you get directed from the merchant to your bank, you login there, accept the payment, and you are then sent back to the merchant, except in this case the merchant does not even know your account number in the bank, though he does know *which* bank you went to.

Devuan adds third init option in sixth birthday release

Sitaram Chamarty

telecom secor naming...

3gpp has "evolved nodeB" and "next generation nodeB".

Damned if I know which comes first!

Wells Fargo patent troll case has finance world all aquiver so Barclays, TD Bank sign up to Open Invention Network

Sitaram Chamarty
WTF?

USAA a patent troll?

I'm curious why USAA has been labelled a troll (if I connect the headline to the details correctly).

Wasn't troll supposed to denote entity that don't actually use the tech themselves in some way? I.e., a "non-practicing entity"

USAA is hardly a "non-practicing entity", in fact quite the opposite.

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges

Sitaram Chamarty

Re: How is this possible?

I think he meant to include C++ in what he said.

I hear Rust is becoming very popular...

Twitter CEO Jack Dorsey says Trump ban means the service has failed

Sitaram Chamarty

Re: Screwed the pooch and knows it

@POTUS is still active. It's a *personal* account that has been deleted.

Sitaram Chamarty

Re: Screwed the pooch and knows it

They have not banned POTUS, as in the @POTUS twitter account.

They have banned Trump's personal account, which he has been using to further a far-right agenda while "serving" (and I use the word very loosely) as POTUS.

There **is** a significant difference between these two accounts in terms of the debate that Merkel and co have started, and I am appalled that they are not seeing this difference.

Oblivious DoH, OPAQUE passwords, Encrypted Client Hello: Cloudflare's protocol proposals to protect privacy

Sitaram Chamarty

Re: I might be stupid but...

yes, I also thought the same (offline brute force).

However, it can *potentially* eliminate phishing -- but only with browser support I guess. It could even prevent "active MITM" -- the type of phishing that snarfs OTP codes also, from working

I'll have to refresh my memory / understanding of PAKE but if it has an internal Diffie-Hellman type component triggered by the actual password, then the man in the middle cannot learn the session key.

But all this requires browser support. Without browser support -- meaning the password entry window clearly looks different -- the user would have no way to differentiate a phishing site from the normal one.

China takes TikTok-WeChat ding-dong to World Trade Organization, accuses US, India of breaking global rules

Sitaram Chamarty

doesn't China already ban a lot of US apps?

I thought at least Whatsapp and something else are banned in China...

If true, why is no one mentioning that in this discussion?

Pretty wild that a malicious mailto: link might attach your secret keys and files from your PC to an outgoing message

Sitaram Chamarty
Linux

hah! paranoia pays off

I've always been a paranoid bugger who runs the mail client in one userid, and 3 different browsers in 2 other userids.

If the malicious link appeared on a web page, it would hit a blank wall -- the userid that is running the browser won't find an email client running, and even if it starts one it's definitely not configured to do anything.

It's also fairly easy to setup this kind of separation in Linux; I imagine a lot of people may be doing similar things (if they're paranoid enough that is).

US senators: WikiLeaks 'likely knew it was assisting Russian intelligence influence effort' in 2016 Dem email leak

Sitaram Chamarty

Is this news?

Maybe it's "proven" now, but to most sensible people with more than Fox News as a source this was kinda assumed to be true, wasn't it?

I certainly thought Assange had a direct hand in Hilary Clinton's defeat. (I don't live in the US. My impressions are formed only from various RSS feeds of normal newspapers (if they're not paywalled) and print newspapers in India).

Linux kernel coders propose inclusive terminology coding guidelines, note: 'Arguments about why people should not be offended do not scale'

Sitaram Chamarty

Re: Pull request denied

unlikely; or at least I have given up hope.

Ironically, considering the title of this article, he actually once said "people who are easily offended, should be offended".

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2022